When a server is started, it allows ECDA to check for all the configured access services.
SSLEnabled= [yes | no]
no
yes causes ECDA to search the following directories for two files, one ending in .crt (the certificate file), and the other ending in .pwd (the encrypted password file). For example, srvname.crt and srvname.pwd. Instructions for creating these files are defined in the Enterprise Connect Data Access Installation Guides for your platform.
ECDA searches these files that are displayed for UNIX (for Windows use the appropriate environment variables):
/<install_dir>/DC-15_0/server/certificates
/<install_dir>/DC-15_0/certificates
/<install_dir>/certificates
$SYBASE_CERTDIR
If SSLEnabled equals yes, the service name of the SSLServices property and the srvname.crt and srvname.pwd must match. If a match is not found, ECDA does not start.
If both files are present, ECDA passes the path to the certificate file, and the contents of the password file to Open Server. This initializes the SSL context for ECDA.
WARNING! Only one SSLEnabled access service can run on a DirectConnect server. This is due to the restrictions of Open Server, which allows only one SSL certificate in a program. Open Client requires the name in the certificate to match the name to which Open Client requested a connection.
While you can configure ECDA to listen on both SSL and non-SSL ports, which allows you to use both non-SSL access service and one SSL access service in the same ECDA, Sybase recommends using only one SSL access service for each DirectConnect server. This prevents a user from using an unsecured port to gain access to unsecured data within an organization.
ECDA does not support “transfer to” and “transfer
from”
SSL-enabled ASE servers.
| Copyright © 2008. Sybase Inc. All rights reserved. |
|
|